<?php


   // adds a new user to the table	
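  /**
   * Inserts a new row into the `member` table unless the username is already taken.
   *
   * Connects to the database, looks the username up, and when no row matches
   * stores the username, an MD5 digest of the password and a derived
   * `validation` value. Terminates the script via die() if the connection or
   * database selection fails. Returns nothing.
   *
   * @param string $username requested account name (treated as untrusted input)
   * @param string $password clear-text password (treated as untrusted input)
   */
  function addMember($username,$password) {
    // NOTE(review): the database host, account name and password are hard-coded
    // in source. Load them from configuration kept outside the repository and
    // web root, and rotate this password since it has been committed.
    $host="mysql2.000webhost.com";
    $db_name="a7709402_test";
    $tbl_name="member";
    // NOTE(review): the mysql_* extension was removed in PHP 7; mysqli or PDO
    // with prepared statements is the long-term replacement for this file.
    mysql_connect("$host", "a7709402_test", "ics414")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");

    // Escape both values before they reach ANY statement. Previously the
    // existence check interpolated the raw username and only the INSERT used
    // the escaped copy, which left the SELECT open to SQL injection.
    $username = cleanXSS($username);
    $password = cleanXSS($password);

    $sql="SELECT * FROM member WHERE username='$username'";
    $result=mysql_query($sql);

    // A failed lookup must not be read as "username is free": mysql_num_rows()
    // on a non-resource compares equal to 0 and would fall through to INSERT.
    if($result === false) {
      return;
    }

    // NOTE(review): check-then-insert is not atomic; a UNIQUE index on
    // member.username is the reliable guard against duplicates - confirm the
    // schema has one.
    if(mysql_num_rows($result) == 0) {
      // NOTE(review): a single unsalted MD5 is unsuitable for password storage.
      // password_hash()/password_verify() is the replacement, but the login
      // check (not visible here) must change at the same time, so the stored
      // format is left as-is in this block.
      $password = md5($password);

      // NOTE(review): this value is fully determined by the password digest and
      // a fixed suffix, so it is not an unpredictable token. If `validation` is
      // used as a confirmation secret, generate it from a CSPRNG instead.
      $salt = md5($password."sdlfsido");

      $sql="INSERT INTO $tbl_name(username,password,validation) VALUES ('$username', '$password', '$salt')";
      mysql_query($sql);
    }
  }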
  
  // adds a book referencing user
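  /**
   * Inserts a book listing owned by $username into the `books` table.
   *
   * The stored `url` column is the fixed books base URL with $file appended.
   * Terminates the script via die() if the connection or database selection
   * fails. Returns nothing.
   *
   * @param string $username  owner of the listing
   * @param string $bookname  title
   * @param string $issn      identifier stored in the `issn` column
   * @param string $edition   edition
   * @param string $class     course the book is used for
   * @param string $professor instructor
   * @param string $price     asking price
   * @param string $file      file name appended to the books base URL
   * @param string $author    author
   */
  function addBook($username, $bookname, $issn, $edition, $class, $professor, $price, $file, $author) {
    // NOTE(review): the database host, account name and password are hard-coded
    // in source. Load them from configuration kept outside the repository and
    // web root, and rotate this password since it has been committed.
    $host="mysql2.000webhost.com";
    $db_name="a7709402_test";
    $tbl_name="books";
    mysql_connect("$host", "a7709402_test", "ics414")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");

    // NOTE(review): $file is concatenated into the URL unchanged. Presumably it
    // is an uploaded file name; restrict it to a bare, allow-listed file name
    // where the upload is accepted - confirm against the caller.
    $url = "http://uhbookselling.net78.net/books/".$file;

    // Every value below ends up inside a quoted SQL literal, so each one is
    // escaped first. The original interpolated all nine values raw, which
    // allowed SQL injection through any field.
    // NOTE(review): if a caller already escapes these values, remove the
    // caller-side escaping so data is not stored with doubled backslashes.
    $values = array_map('cleanXSS', array(
      $username, $bookname, $issn, $edition, $class, $professor, $price, $url, $author
    ));

    // query database
    $sql="INSERT INTO $tbl_name(username,bookname,issn,edition,class,professor,price,url,author) VALUES ('".implode("', '", $values)."')";
    mysql_query($sql);
  }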
   
  /**
   * Prepares a value for embedding inside a quoted SQL string literal.
   *
   * Removes one level of backslash quoting with stripslashes(), then applies
   * mysql_real_escape_string(), which relies on a MySQL connection that is
   * already open.
   *
   * Despite the name, this does no HTML encoding and gives no protection
   * against cross-site scripting: values stored through it still need
   * context-appropriate output encoding (e.g. htmlspecialchars()) wherever
   * they are rendered.
   *
   * @param string $value raw input
   * @return string value escaped for use in a MySQL string literal
   */
  function cleanXSS($value) {
    $unslashed = stripslashes($value);
    $escaped = mysql_real_escape_string($unslashed);

    return $escaped;
  }
?>
